mirai | c5529040db9e0e5cbe26dac8162859d8867ae845a6b2fdfdcad8ee2cfe63ff1d | Triage

Sharing

General

Target

jewn.sh
Size

1KB
Sample

241207-esa2ra1nfp
MD5

720a5e4e44f99b055d00bf5be3948b2d
SHA1

684fa717c79344199982029892b768a335682f57
SHA256

c5529040db9e0e5cbe26dac8162859d8867ae845a6b2fdfdcad8ee2cfe63ff1d
SHA512

c9b4f2f2e6f9e0c66421ae95641f013e7be7652e9b4787cc84cab88e24fe18e471b77249de3c210fe410e16312dbef499b5e81b8d03ffb4ad1796f5dc1a04b1a

Score

10^/10

mirai kurc antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

KURC

Extracted

Family

mirai

Botnet

KURC

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  jewn.sh
- Size
  
  1KB
- MD5
  
  720a5e4e44f99b055d00bf5be3948b2d
- SHA1
  
  684fa717c79344199982029892b768a335682f57
- SHA256
  
  c5529040db9e0e5cbe26dac8162859d8867ae845a6b2fdfdcad8ee2cfe63ff1d
- SHA512
  
  c9b4f2f2e6f9e0c66421ae95641f013e7be7652e9b4787cc84cab88e24fe18e471b77249de3c210fe410e16312dbef499b5e81b8d03ffb4ad1796f5dc1a04b1a
Score

10^/10

mirai kurc botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (113420) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraikurcbotnetdefense_evasiondiscovery

behavioral2

miraikurcantivmbotnetdefense_evasiondiscovery

behavioral3

miraikurcbotnetdefense_evasiondiscovery

behavioral4

miraikurcbotnetdefense_evasiondiscovery